BUt it only gets the worm payload, not the trojan one. I sumbitted the attachment. so don't open anything that says attachment.zip which contains an .htm file and the file icon looks like that nice old MSDOS icon. CHeers, oh yeah AH must be enabled and the worm must be unpacked or ranned in order to be detected. (you can safely download the file without NOD giving a peep).